VPN Quarantine

My non-profit organization has two-thirds of its staff working from home offices and other remote locations. Currently they rely heavily on using Remote Desktop to access our Terminal Server just to use Outlook and access our network shares. This is not ideal for a number of reasons.

Even with the donated licenses on Techsoup.org, there is a per-user cost.

Remote Desktop is very sensitive to fluctuations in connectivity and drops frequently.

TS 2000 has no way of restricting user sessions so users consistently have several open sessions from not logging out properly. This eats at the server resources and performance suffers.

TS 2000 does not allow files to be transferred from the local client to the server. Users are constantly emailing themselves files.

For these and other reasons I’ve started exploring VPN. But as any techie knows, home computers are like kids in day care: rife with every virus known to man. Unfortunately, since we don’t provide or maintain employee computers, we are faced with the problem of making sure they are up to date with Windows patches and antivirus.

Ensuring that remote clients meet a certain standard before allowing access can be accomplished by using the Quarantine features available through RRAS in Windows 2003 and by designing a custom VPN installer using CMAK (part of the Win 2003 resource kit).

After some intensive searches, I was able to locate some scripts that use the Windows Update feature to list and install any missing patches. While I haven’t come up with a final script yet, here are some of the resources that have some promising examples.
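
As an added illustration (not one of the scripts referred to above, and not the author's code), here is the kind of client-side health check a quarantine script would run: list missing Critical or Important patches through the Windows Update Agent and confirm an enabled, up-to-date antivirus product. It assumes a current Windows client with PowerShell 3.0 or later; the function names, the exit-code contract and the productState decoding are assumptions of this example.

```powershell
# Added example: client-side health check for a VPN quarantine script.
# Exit code 0 = meets baseline, 1 = does not (fail closed on any error).
$ErrorActionPreference = 'Stop'

function Get-MissingSecurityUpdate {
    # Windows Update Agent COM API: software updates that are not installed.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    # Keep only updates rated Critical or Important by MSRC.
    $result.Updates | Where-Object { 'Critical', 'Important' -contains $_.MsrcSeverity }
}

function Get-AntivirusStatus {
    # Security Center WMI provider (client editions of Windows only).
    # Assumption: productState decoded by the widely used, undocumented
    # convention: bit 0x1000 = real-time protection on, bit 0x10 = stale signatures.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            [pscustomobject]@{
                Name     = $_.displayName
                Enabled  = ($_.productState -band 0x1000) -ne 0
                UpToDate = ($_.productState -band 0x10) -eq 0
            }
        }
}

function Test-ClientBaseline {
    $problems = @()
    try {
        $missing = @(Get-MissingSecurityUpdate)
        if ($missing.Count -gt 0) {
            $problems += 'Missing updates: ' + (($missing | ForEach-Object { $_.Title }) -join '; ')
        }
        $av = @(Get-AntivirusStatus)
        if (-not ($av | Where-Object { $_.Enabled -and $_.UpToDate })) {
            $problems += 'No antivirus product is both enabled and up to date'
        }
    } catch {
        # A check that cannot run counts as a failed check.
        $problems += "Health check error: $($_.Exception.Message)"
    }
    $problems
}

$problems = @(Test-ClientBaseline)
$problems | ForEach-Object { Write-Warning $_ }
if ($problems.Count -gt 0) { exit 1 }   # caller keeps the client quarantined
Write-Output 'Client meets the baseline.'
exit 0
```

Because the check runs on the unmanaged client itself, its result is a hygiene gate rather than proof of a clean machine, so access granted after quarantine should still be limited to what remote staff need.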